RIT Information Security - Bankinghttp://www.rit.edu/security/tags/banking
enSafe Online Shopping & Bankinghttp://www.rit.edu/security/content/safe-online-shopping-banking
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p><em>Jump to:</em></p>
<p><a href="#useasecure">Use a Secure Computer</a></p>
<p><a href="#Researchcompany">Reseach the Company/Website</a></p>
<p><a href="#researchproduct">Research the Product/Service</a></p>
<p><a href="#usestrong">Use Strong Passwords</a></p>
<p><a href="#websiteencryption">Make Sure the Website Uses Encryption</a></p>
<p><a href="#securepayment">Use a Secure Payment Method</a></p>
<p><a href="#monitoraccounts">Monitor Your Accounts</a></p>
<p><a href="#problemsandcomplaints">Problems and Complaints</a></p>
<p><a href="#additionallinks">Additional Links</a></p>
<p><a id="useasecure" name="useasecure"></a></p>
<h3>Use a Secure Computer</h3>
<p>Make sure your computer meets the <a href="/security/content/desktop-and-portable-computer-security-standard">RIT Desktop &amp; Portable Computer Standard</a> before getting online. In addition to up-to-date anti-virus, make sure that your operating system and your web browser have the latest security patches installed.</p>
<p>Don't use public computers to send private information over the Internet. You cannot be sure what security measures are in place and other people may have altered settings or installed malware without your knowledge.</p>
<p><a id="Researchcompany" name="Researchcompany"></a></p>
<h3>Research the Company/Website</h3>
<p>Investigate any bank or retailer you are considering using. How trustworthy are they?</p>
<p>Use the <a href="https://research.fdic.gov/bankfind/">FDIC Bank Find</a> page to make sure the bank is insured by the FDIC.</p>
<p>Check the company's privacy policy. Some companies may sell your e-mail address and/or other contact information to third parties, leading to more spam in your inbox (if there is no privacy policy, you're better off avoiding that site).</p>
<p>Plug the website name into a search engine. What kinds of consumer reviews are returned?</p>
<p>If you're shopping at an auction site, check out the seller's feedback. Have other people had good experiences with them? What forms of payment will they accept?</p>
<p><a id="researchproduct" name="researchproduct"></a></p>
<h3>Research the Product/Service</h3>
<p>Learn more about the product or service you are considering. Are you getting exactly what you want? Look for fine print-are there hidden fees or terms?</p>
<p>Are the prices too good to be true? Insane deals are sometimes used to disguise malicious links. They may also be an indication that the product is actually a counterfeit.</p>
<p>What is the seller's return/exchange policy? Do they cover damaged goods?</p>
<p>What is the bank's policy on fraud? How much protection do they offer? Will they reimburse fraudulent transactions?</p>
<p>What about shipping costs? Is there a minimum purchase amount? Tip: If you're making several purchases, try to combine them on the same order when possible. Not only does it reduce the number of transactions you have to make, but you might save a bundle on shipping costs too!</p>
<p><a id="usestrong" name="usestrong"></a></p>
<h3>Use Strong Passwords</h3>
<p>Use a strong, unique password or pass phrase where allowed. Most online banks (and some retail websites) offer an additional layer of security such as:</p>
<p>Using an on-screen keyboard to enter in passwords (this protects against keyloggers).</p>
<p>Requiring an additional password or personal identification number.</p>
<p>Requiring you to answer a challenge-response question each time you login (e.g., what is your grandmother's maiden name?).</p>
<p>Smart cards or tokens that generate a single-use password (meaning you cannot access your account without this physical device).</p>
<p>Select an online banking service that uses one of the above methods or some other type of additional security protection.</p>
<p><a id="websiteencryption" name="websiteencryption"></a></p>
<h3>Make Sure the Website Uses Encryption</h3>
<p>When you're ready to submit your information, look for the following indicators that the website is secure:</p>
<p>The address bar should begin with either <strong>shttp</strong> or <strong>https</strong> (not just "http") and there must be a padlock in your web browser (the location varies by browser, it usually appears in the address bar or the status bar at the bottom).</p>
<p>Never submit your login information by e-mail. Scammers go to great lengths to make e-mails appear genuine, but no legitimate bank or retailer will ever ask you to submit private information by e-mail.</p>
<p><a id="securepayment" name="securepayment"></a></p>
<h3>Use a Secure Payment Method</h3>
<p>When shopping through an online retailer or through an auction site, make sure you use a secure payment method.</p>
<p>Credit cards are one of the safer options. Federal law limits your liability in the event of credit card fraud to only $50. MasterCard and Visa also offer zero liability for most debit card transactions as well.</p>
<p>See if your bank or credit card issuer offers one-time use or "virtual" card numbers. These are card numbers that you can sign up for and activate for a limited time period. They still link to your regular card/account, however the number is completely different. This means your active account number doesn't have to be transmitted over the Internet at all.</p>
<p>Never give out a bank account number to anyone, and be wary of anyone who insists upon cash or wire transfer only.</p>
<p><a id="monitoraccounts" name="monitoraccounts"></a></p>
<h3>Monitor Your Accounts</h3>
<p>Keep track of all your purchases/account history from start to finish and beyond.</p>
<p>Print out all your orders and receipts, as well as e-mail confirmations and product descriptions. If possible, request that your bank mail you a monthly account statement and compare it to your online statements.</p>
<p>Follow up your purchases by closely watching your bank account and/or credit card statements to monitor for any unauthorized transactions.</p>
<p>You may also want to check your credit report annually (check for free at <a href="http://www.annualcreditreport.com">www.annualcreditreport.com</a>).</p>
<hr /><p><a id="problemsandcomplaints" name="problemsandcomplaints"></a></p>
<h2>Problems and Complaints</h2>
<h3>Online Banking Complaints</h3>
<p>There are several different organizations that regulate financial institutions in the United States. The links below provide additional information on safe online banking as well as instructions for filing a complaint:</p>
<p>FDIC - Safe Internet Banking<br /><a href="http://www.fdic.gov/bank/individual/online/safe.html">http://www.fdic.gov/bank/individual/online/safe.html</a></p>
<p>U.S. Securities and Exchange Commission - Online Brokerage Accounts: What You Can Do to Safeguard Your Money and Your Personal Information<br /><a href="http://www.sec.gov/investor/pubs/onlinebrokerage.htm">http://www.sec.gov/investor/pubs/onlinebrokerage.htm</a></p>
<p>New York Fed - Tips for Safe Banking Over the Internet<br /><a href="https://www.newyorkfed.org/banking/protection.html">https://www.newyorkfed.org/banking/protection.html</a></p>
<h3>Online Shopping Complaints</h3>
<p>If you think you have been a victim of online shopping fraud and/or cannot resolve a problem with the seller, contact the following agencies:</p>
<p>Better Business Bureau<br /><a href="https://www.bbb.org/consumer-complaints/file-a-complaint/nature-of-complaint/">https://www.bbb.org/consumer-complaints/file-a-complaint/nature-of-complaint/</a></p>
<p><a id="additionallinks" name="additionallinks"></a></p>
<h3>Additional Links</h3>
<p><strong>Online Shopping Tips</strong></p>
<ul><li><a href="http://its.ny.gov/eiso">http://its.ny.gov/eiso</a></li>
<li><a href="http://www.consumer.ftc.gov/blog/happy-holiday-shopping">http://www.consumer.ftc.gov/blog/happy-holiday-shopping</a></li>
<li><a href="https://www.staysafeonline.org/stay-safe-online/protect-your-personal-information/online-shopping">https://www.staysafeonline.org/stay-safe-online/protect-your-personal-information/online-shopping</a></li>
<li><a href="http://www.safeshopping.org/">http://www.safeshopping.org</a></li>
</ul><p><strong>Online Banking</strong></p>
<ul><li>FDIC Bank Find<br /><a href="https://research.fdic.gov/bankfind/">https://research.fdic.gov/bankfind/</a></li>
</ul></div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-above"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/security/tags/banking" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Banking</a></div><div class="field-item odd"><a href="/security/tags/best-practices" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Best Practices</a></div><div class="field-item even"><a href="/security/tags/card" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Card</a></div><div class="field-item odd"><a href="/security/tags/credit" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Credit</a></div><div class="field-item even"><a href="/security/tags/encryption" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Encryption</a></div><div class="field-item odd"><a href="/security/tags/identity-theft" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Identity Theft</a></div><div class="field-item even"><a href="/security/tags/password" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Password</a></div><div class="field-item odd"><a href="/security/tags/resource" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Resource</a></div><div class="field-item even"><a href="/security/tags/secure" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Secure</a></div><div class="field-item odd"><a href="/security/tags/shopping" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Shopping</a></div></div></div>Thu, 02 Mar 2017 14:58:57 +0000ISO Admin62 at http://www.rit.edu/securityhttp://www.rit.edu/security/content/safe-online-shopping-banking#commentsMarch - Mobile Device Madnesshttp://www.rit.edu/security/content/march-mobile-device-madness
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p><strong><span style="font-size:20px;">Mobile Device Madness</span></strong></p>&#13;
<p>Mobile devices, particularly smartphones, have become significantly popular, more so than computers and perhaps any other communication device. We all carry them everywhere we go, every day at all times. From using Facebook to checking our bank accounts or saving our schedules in their agendas, we use mobile devices for all kinds of tasks, which is basically what makes them so useful, as both a work and entertainment tool. However, something we hardly ever realize is that they are not always designed with security in mind and therefore, they are not always as secure as most computers, and with the significant growth of smartphone usage, the issues surrounding mobile security have also grown. </p>&#13;
<p>Similarly, there are many different ways in which your mobile device can be a threat to your personal information security: if it is stolen from you or you lose it and it falls into the wrong hands; if your service provider is attacked or there is a breach in your software (whether because you had it jailbreaked or because it is not updated), if someone hijacks it through an open wireless network, etc. All of these reasons are enough for you to be very careful in protecting the device as much as you can, but also in being selective with the information you store in it.</p>&#13;
<p>However there are many things you can do to keep your device as secure as possible so that although it will not guarantee 100% security, at least it will make it a lot harder for cybercriminals to access any of your personal/confidential information. We recommend you to follow the next tips:</p>&#13;
<h4><b>Understand your device</b></h4>&#13;
<ul><li>Configure mobile devices securely by enabling auto-lock and choosing a <a href="/security/content/better-passwords-optimal-mobile-security">complex/secured password</a> for protection, and avoid using auto-complete features that remember user names or passwords.</li>&#13;
<li>Ensure that browser security settings are configured appropriately and enable remote wipe options whenever possible. </li>&#13;
<li>Disable Bluetooth (when not needed). If you can access it, so can others.</li>&#13;
<li>Ensure that sensitive websites use https in your browser URL on both your computer and mobile device.</li>&#13;
<li>Know your mobile vendor's policies on lost or stolen devices and report the loss to your carrier ASAP so they can deactivate the device.</li>&#13;
</ul><h4><b>Use added features</b></h4>&#13;
<ul><li>Keep your mobile device and applications on the device up to date. Use automatic update options if available.</li>&#13;
<li>Install an anti-virus/security program (if available) and configure automatic updates if possible. Find out about <a href="/security/content/protective-mobile-device-software">protective mobile device software.</a></li>&#13;
<li>Use an encryption solution to keep portable data secure in transit and at rest. WPA2 is encrypted. 3G encryption has been cracked. Use an SSL (https) connection where available.</li>&#13;
</ul><h4><b>General tips </b></h4>&#13;
<ul><li>Never leave your mobile device unattended.</li>&#13;
<li>Report lost or stolen devices and change any passwords (such as RIT WPA2) immediately.</li>&#13;
<li>Include contact information with the device: on the lock screen, engraved on the device, and/or inserted into the case.</li>&#13;
<li>For improved performance and security, <a href="https://start.rit.edu/">register your device</a> and connect to the RIT WPA2 network where available.</li>&#13;
<li>Whenever possible, we recommend that Private Information is not accessed from or stored on mobile devices.</li>&#13;
<li>To ensure that RIT information will remain secure, you should use only devices that provide encryption while information is in transit and at rest. </li>&#13;
<li>Security requirements for handling RIT Private, Confidential, and other information may be found in the <a href="/security/content/information-access-protection-standard">Information Access and Protection Standard</a>.</li>&#13;
<li>When downloading apps, make sure you do it from a trusted app store like Google Play. Read more about <a href="/security/content/avoid-questionable-mobile-apps">avoiding questionable mobile apps.</a></li>&#13;
</ul><p><strong>Follow us on all of our social media accounts for more tips and information:</strong></p>&#13;
<p><span style="line-height: 1.538em;">Facebook: <a href="https://www.facebook.com/RITInfosec">RIT Information Security</a> / </span><span style="line-height: 1.538em;">Twitter: <a href="https://twitter.com/RIT_InfoSec">@RIT_InfoSec</a> / </span><span style="line-height: 1.538em;">Google+: <a href="https://plus.google.com/110275377471451885367/">RIT Information Security </a></span><span style="line-height: 1.538em;">Pinterest: <a href="https://www.pinterest.com/ritinfosec/">RIT InfoSec </a>/ </span><span style="line-height: 1.538em;">Instagram: <a href="https://instagram.com/rit_infosec/">@RIT_infosec </a></span></p>&#13;
</div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/security/tags/anti-virus" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Anti-virus</a></div><div class="field-item odd" rel="dc:subject"><a href="/security/tags/scams" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Scams</a></div><div class="field-item even" rel="dc:subject"><a href="/security/tags/online-shopping" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Online shopping</a></div><div class="field-item odd" rel="dc:subject"><a href="/security/tags/social-networking" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Social Networking</a></div><div class="field-item even" rel="dc:subject"><a href="/security/tags/banking" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Banking</a></div><div class="field-item odd" rel="dc:subject"><a href="/security/tags/awareness" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Awareness</a></div></div></div>Mon, 02 Mar 2015 15:39:51 +0000mxfiso238 at http://www.rit.edu/securityhttp://www.rit.edu/security/content/march-mobile-device-madness#commentsFebruary - Phebruary Phishing http://www.rit.edu/security/content/february-phebruary-phishing
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p><span style="font-size:18px;"><strong>Phebruary Phishing </strong></span></p>&#13;
<p>It’s Ph(F)ebruary! The perfect time to learn all you need to know to avoid the incessant phishing scams that infest the Internet. Just as there are so many things going on every day in the cyberspace, and new and exciting ways of communicating with the world emerge all the time, phishers find a way to be present everywhere too. From e-mail and social networking sites to online games, dating websites and apps, you might come across a scam, and because cybercriminals have become so good at making them, sometimes phishing scams can appear so real that you might easily fall for them.</p>&#13;
<p>However, there is no need to panic! There are still ways you can avoid falling for these traps, although of course the most important thing to do is be very careful and pay attention responsibly to everything you see online before you click it or enter any sensitive information about you (or anyone else for that matter). Here are some tips to follow:</p>&#13;
<ul><li>Do not respond to a request for your password sent by e-mail, even if the request appears legitimate.</li>&#13;
<li>Do not provide identity information, including credit card numbers, when you receive an unsolicited e-mail or phone call.</li>&#13;
<li>Do not open attachments in unexpected or suspicious e-mails or instant messages.</li>&#13;
<li>If the e-mail or instant message provides a link to a site where you are requested to enter personal information, it may be a phish.</li>&#13;
<li>Make sure links are really taking you where they say they are before you click. You just have to move your mouse over the link, and if it shows you different address than the one displayed in the e-mail it is a phish.</li>&#13;
<li>Be suspicious of any type of communication (e-mail, post on social media site, text message, etc.) that urges you to do something like provide personal information or click somewhere.</li>&#13;
<li>Look for signs in e-mails like grammar mistakes.</li>&#13;
<li>Make sure the security certificate is displayed on a website by double-clicking the “lock” icon. If it isn’t or you get a warning message that it does not match the address, it’s better to get out of this website.</li>&#13;
<li>Although normally phishing emails are not personalized, they can be. So if it looks suspicious it’s always smart to confirm with the company directly to make sure the email is in fact from them.</li>&#13;
<li>Enable <a href="/security/content/browser-configuration#Sitecheck">site checking</a> on your browser.</li>&#13;
<li>Add an <a href="/security/content/phishing#antiphishtool">anti-phishing toolbar </a>to your browser. Anti-phishing toolbars help detect and may block known phishing sites. ITS is providing McAfee anti-phishing tools to ePO-managed users.</li>&#13;
</ul><p>You can also find more tips and information by going to Best Practices&gt;Phishing (<a href="http://www.rit.edu/security/content/phishing">http://www.rit.edu/security/content/phishing</a>).</p>&#13;
<p>Since we’re all human, at some point we could inevitably fall for a phishing scam. Stay Safe Online has shared some things you can do to control the damage it may inflict you if you do:</p>&#13;
<ul><li>Beware of any unauthorized charges to any of your accounts</li>&#13;
<li>If you think your financial accounts could be compromised, contact your financial institution immediately and ask them to close the accounts for you.</li>&#13;
<li>Consider reporting it to the local police department, the Federal Trade Commission (<a href="https://www.ftccomplaintassistant.gov/#crnt&amp;panel1-1">https://www.ftccomplaintassistant.gov/#crnt&amp;panel1-1</a>) or the FBI’s Internet Crime Complaint Center (<a href="http://www.ic3.gov/default.aspx">http://www.ic3.gov/default.aspx</a>).</li>&#13;
</ul><p>We are going to be talking about phishing all month long in all of our social media gadgets, keep up for more useful information about #PhebruaryPhishing. And remember if you receive a phish, report it by emailing <a href="mailto:spam@rit.edu">spam@rit.edu</a>. You can forward phishing attempts to this email.</p>&#13;
<p><strong>Follow us on all of our social media accounts for more tips and information:</strong></p>&#13;
<p><span style="line-height: 1.538em;">Facebook: <a href="https://www.facebook.com/RITInfosec">RIT Information Security</a> / </span><span style="line-height: 1.538em;">Twitter: <a href="https://twitter.com/RIT_InfoSec">@RIT_InfoSec</a> / </span><span style="line-height: 1.538em;">Google+: <a href="https://plus.google.com/110275377471451885367/">RIT Information Security </a></span><span style="line-height: 1.538em;">Pinterest: <a href="https://www.pinterest.com/ritinfosec/">RIT InfoSec </a>/ </span><span style="line-height: 1.538em;">Instagram: <a href="https://instagram.com/rit_infosec/">@RIT_infosec </a></span></p>&#13;
<p> </p>&#13;
</div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/security/tags/anti-virus" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Anti-virus</a></div><div class="field-item odd" rel="dc:subject"><a href="/security/tags/scams" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Scams</a></div><div class="field-item even" rel="dc:subject"><a href="/security/tags/online-shopping" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Online shopping</a></div><div class="field-item odd" rel="dc:subject"><a href="/security/tags/social-networking" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Social Networking</a></div><div class="field-item even" rel="dc:subject"><a href="/security/tags/banking" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Banking</a></div><div class="field-item odd" rel="dc:subject"><a href="/security/tags/awareness" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Awareness</a></div></div></div>Tue, 17 Feb 2015 14:31:34 +0000mxfiso231 at http://www.rit.edu/securityhttp://www.rit.edu/security/content/february-phebruary-phishing#comments